CVE-2026-14423: Type Confusion in Tint in Google Chrome prior to 150
Type Confusion in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
Metrics
- CVSS v3.1: 9.6
- Severity: CRITICAL
- Fixed in: 150.0.7871.46
- Affected Products: 1
HarborGuard Analysis
Synopsis
A type confusion vulnerability in Tint, a graphics library component inside Google Chrome, allows a remote attacker to exploit the browser via a crafted HTML page. The CVSS vector (AV:N/AC:L/PR:N/UI:R/S:C) indicates the attack is delivered over the network, requires no authentication, and needs only a single user interaction such as visiting a malicious page. Successful exploitation gives the attacker full confidentiality, integrity, and availability impact with scope change, enabling a sandbox escape that breaks out of Chrome's renderer isolation. A patched-image rebuild at version 150.0.7871.46 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection of CVE-2026-14423 is available across every HarborGuard environment; the CVE is ingested from upstream feeds within minutes of publication and matched against customer images in registries and CI/CD pipelines, including custom-built images that bundle a Chromium or Chrome binary. No manual configuration is required for the initial scan to fire.
Available
HarborGuard surfaces this CVE with its CVSS 3.1 score of 9.6 (Critical) and applies per-environment compliance policy weighting before routing the finding to the appropriate team inbox inside each customer organization. Environments with stricter browser-related controls or PCI/SOC 2 policies will see this prioritized accordingly.
Available
A patched-image rebuild at Chrome 150.0.7871.46 is available on HarborGuard for any image found to contain an affected Chrome version. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite against the updated image, and opens a pull request against affected workloads automatically.
Available
Exploit Conditions
- Network reachability: Required
  The attacker delivers the exploit over the network; the target Chrome instance must be reachable in the sense that the user browses to an attacker-controlled or compromised URL.
- Authentication: Not required
  No credentials or account are needed; any anonymous visitor to the crafted page is a valid target.
- Victim interaction: Required
  The victim must navigate to or open the crafted HTML page, making this a one-click social-engineering vector such as a phishing link or malicious ad.
- Attack complexity: Detail
  Attack complexity is Low, meaning the exploit is reliable and requires no special race conditions, memory layout knowledge, or environmental prerequisites beyond the victim loading the page.
Blast Radius
- The attacker escapes Chrome's renderer sandbox, gaining code execution in a more privileged browser process outside the sandboxed context.
- With sandbox escape achieved, the attacker reads files, credentials, and session tokens accessible to the browser process on the host.
- The attacker writes or modifies data on the local filesystem or injects into other browser processes running under the same user account.
- The attacker can crash or destabilize the browser or dependent host processes, causing service disruption for the affected user session.
How HarborGuard Handles This
Available on HarborGuard: any image containing Google Chrome below 150.0.7871.46 is flagged immediately upon scan, scored at Critical (9.6), and queued for a rebuild against the fixed version. For customers who opt into auto-remediation, the typical flow from CVE publication to a merged patch PR runs around 90 minutes for Critical-severity findings: HarborGuard rebuilds the image at 150.0.7871.46, executes a regression run, and opens a PR against affected workloads. Where compliance policy restricts automatic changes, the finding is routed to the designated team inbox with the fix version, affected image list, and remediation steps attached. Customers who cannot immediately update are advised to apply network-policy controls that restrict which internal services can spawn or embed Chrome, and to enforce browser update policies at the OS level as a compensating control.
Fix available
- Google / Chrome < 150.0.7871.46 (from 150.0.7871.46)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H